One of the interesting details to emerge from the report is that Target and Neiman Marcus are not the only victims. Other well-known retailers have also been hit, according to sources who spoke with Reuters, but those retailers have decided to keep mum about it. In fact, Reuters has uncovered six active attacks on retailers across the country.

The report reveals that the Target breach came from an advanced piece of software called POSRAM Trojan, which is also responsible for other attacks on retailers’ point-of-sale systems. POSRAM is a memory scraper that captures data stored on a card’s magnetic stripe in the moment when it’s swiped through the terminal and the data is still in the system’s memory. Data that’s encrypted appears in plain text.

The malware isn’t new—it’s been around for a few years. And evidently, the malware was customized to avoid detection by antivirus software, so that’s why Target’s antivirus tools didn’t flag it.

Target updated its fourth quarter outlook last week and revealed that while the company anticipates stronger-than-expected sales prior to the December 19 data breach announcement, sales likely dropped off immediately thereafter. Target said it expects “meaningfully weaker-than-expected sales” after the announcement, with a comparable sales decline of 2-6%.

The company expects further uncertainty in its GAAP EPS since it has no idea what kind of costs it’s facing in terms of reimbursements for credit card fraud and liability payments, Target REDcard fraud, civil litigation, government investigations, law enforcement proceedings, expenses for legal and investigative fees, and investments in remediation activities. In sum: there’s a big clusterf*ck of bills on the horizon.

Target has 1,797 stores in the U.S. and 124 stores in Canada, though it looks like only U.S. stores were affected. The company posted a profit of $1.6 billion on $51 billion in sales in the first nine months of 2013. Target originally expected to see a full-year EPS of $3.52.